8,367 research outputs found
Towards a Unified Framework for Declarative Structured Communications
We present a unified framework for the declarative analysis of structured
communications. By relying on a (timed) concurrent constraint programming
language, we show that in addition to the usual operational techniques from
process calculi, the analysis of structured communications can elegantly
exploit logic-based reasoning techniques. We introduce a declarative
interpretation of the language for structured communications proposed by Honda,
Vasconcelos, and Kubo. Distinguishing features of our approach are: the
possibility of including partial information (constraints) in the session
model; the use of explicit time for reasoning about session duration and
expiration; a tight correspondence with logic, which formally relates session
execution and linear-time temporal logic formulas
Introduction to the ISO specification language LOTOS
LOTOS is a specification language that has been specifically developed for the formal description of the OSI (Open Systems Interconnection) architecture, although it is applicable to distributed, concurrent systems in general. In LOTOS a system is seen as a set of processes which interact and exchange data with each other and with their environment. LOTOS is expected to become an ISO international standard by 1988
Towards formal models and languages for verifiable Multi-Robot Systems
Incorrect operations of a Multi-Robot System (MRS) may not only lead to
unsatisfactory results, but can also cause economic losses and threats to
safety. These threats may not always be apparent, since they may arise as
unforeseen consequences of the interactions between elements of the system.
This call for tools and techniques that can help in providing guarantees about
MRSs behaviour. We think that, whenever possible, these guarantees should be
backed up by formal proofs to complement traditional approaches based on
testing and simulation.
We believe that tailored linguistic support to specify MRSs is a major step
towards this goal. In particular, reducing the gap between typical features of
an MRS and the level of abstraction of the linguistic primitives would simplify
both the specification of these systems and the verification of their
properties. In this work, we review different agent-oriented languages and
their features; we then consider a selection of case studies of interest and
implement them useing the surveyed languages. We also evaluate and compare
effectiveness of the proposed solution, considering, in particular, easiness of
expressing non-trivial behaviour.Comment: Changed formattin
Verification of Shared-Reading Synchronisers
Synchronisation classes are an important building block for shared memory
concurrent programs. Thus to reason about such programs, it is important to be
able to verify the implementation of these synchronisation classes, considering
atomic operations as the synchronisation primitives on which the
implementations are built. For synchronisation classes controlling exclusive
access to a shared resource, such as locks, a technique has been proposed to
reason about their behaviour. This paper proposes a technique to verify
implementations of both exclusive access and shared-reading synchronisers. We
use permission-based Separation Logic to describe the behaviour of the main
atomic operations, and the basis for our technique is formed by a specification
for class AtomicInteger, which is commonly used to implement synchronisation
classes in java.util.concurrent. To demonstrate the applicability of our
approach, we mechanically verify the implementation of various synchronisation
classes like Semaphore, CountDownLatch and Lock.Comment: In Proceedings MeTRiD 2018, arXiv:1806.0933
Lost in Abstraction: Monotonicity in Multi-Threaded Programs (Extended Technical Report)
Monotonicity in concurrent systems stipulates that, in any global state,
extant system actions remain executable when new processes are added to the
state. This concept is not only natural and common in multi-threaded software,
but also useful: if every thread's memory is finite, monotonicity often
guarantees the decidability of safety property verification even when the
number of running threads is unknown. In this paper, we show that the act of
obtaining finite-data thread abstractions for model checking can be at odds
with monotonicity: Predicate-abstracting certain widely used monotone software
results in non-monotone multi-threaded Boolean programs - the monotonicity is
lost in the abstraction. As a result, well-established sound and complete
safety checking algorithms become inapplicable; in fact, safety checking turns
out to be undecidable for the obtained class of unbounded-thread Boolean
programs. We demonstrate how the abstract programs can be modified into
monotone ones, without affecting safety properties of the non-monotone
abstraction. This significantly improves earlier approaches of enforcing
monotonicity via overapproximations
Computational Soundness for Dalvik Bytecode
Automatically analyzing information flow within Android applications that
rely on cryptographic operations with their computational security guarantees
imposes formidable challenges that existing approaches for understanding an
app's behavior struggle to meet. These approaches do not distinguish
cryptographic and non-cryptographic operations, and hence do not account for
cryptographic protections: f(m) is considered sensitive for a sensitive message
m irrespective of potential secrecy properties offered by a cryptographic
operation f. These approaches consequently provide a safe approximation of the
app's behavior, but they mistakenly classify a large fraction of apps as
potentially insecure and consequently yield overly pessimistic results.
In this paper, we show how cryptographic operations can be faithfully
included into existing approaches for automated app analysis. To this end, we
first show how cryptographic operations can be expressed as symbolic
abstractions within the comprehensive Dalvik bytecode language. These
abstractions are accessible to automated analysis, and they can be conveniently
added to existing app analysis tools using minor changes in their semantics.
Second, we show that our abstractions are faithful by providing the first
computational soundness result for Dalvik bytecode, i.e., the absence of
attacks against our symbolically abstracted program entails the absence of any
attacks against a suitable cryptographic program realization. We cast our
computational soundness result in the CoSP framework, which makes the result
modular and composable.Comment: Technical report for the ACM CCS 2016 conference pape
Compositional Performance Modelling with the TIPPtool
Stochastic process algebras have been proposed as compositional specification formalisms for performance models. In this paper, we describe a tool which aims at realising all beneficial aspects of compositional performance modelling, the TIPPtool. It incorporates methods for compositional specification as well as solution, based on state-of-the-art techniques, and wrapped in a user-friendly graphical front end. Apart from highlighting the general benefits of the tool, we also discuss some lessons learned during development and application of the TIPPtool. A non-trivial model of a real life communication system serves as a case study to illustrate benefits and limitations
Specification and Verification of Distributed Embedded Systems: A Traffic Intersection Product Family
Distributed embedded systems (DESs) are no longer the exception; they are the
rule in many application areas such as avionics, the automotive industry,
traffic systems, sensor networks, and medical devices. Formal DES specification
and verification is challenging due to state space explosion and the need to
support real-time features. This paper reports on an extensive industry-based
case study involving a DES product family for a pedestrian and car 4-way
traffic intersection in which autonomous devices communicate by asynchronous
message passing without a centralized controller. All the safety requirements
and a liveness requirement informally specified in the requirements document
have been formally verified using Real-Time Maude and its model checking
features.Comment: In Proceedings RTRTS 2010, arXiv:1009.398
- âŠ